Hi, Is this patch the right way to do it?
My motivation was this: https://github.com/fooinha/nginx-ssl-ja3 Obrigado | Thanx | СПС Paulo Pacheco | Паулу Пачеку ------------------------------------------ CUT HERE ------------------------------------------ diff -r 2e8de3d81783 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Tue Aug 22 17:36:12 2017 +0300 +++ b/src/event/ngx_event_openssl.c Tue Aug 22 20:20:30 2017 +0000 @@ -1221,6 +1221,60 @@ } +#if OPENSSL_VERSION_NUMBER >= 0x10101000L + +int +ngx_SSL_early_cb_fn(SSL *s, int *al, void *arg) { + + int got_extensions; + int *ext_out; + size_t ext_len; + ngx_connection_t *c; + + c = arg; + + if (c == NULL) { + return 1; + } + + if (c->ssl == NULL) { + return 1; + } + + c->ssl->client_extensions_size = 0; + c->ssl->client_extensions = NULL; + + got_extensions = SSL_early_get1_extensions_present(s, + &ext_out, + &ext_len); + if (!got_extensions) { + return 1; + } + + if (!ext_out) { + return 1; + } + + if (!ext_len) { + return 1; + } + + c->ssl->client_extensions = ngx_palloc(c->pool, sizeof(int) * ext_len); + if (c->ssl->client_extensions == NULL) { + OPENSSL_free(ext_out); + return 1; + } + + c->ssl->client_extensions_size = ext_len; + ngx_memcpy(c->ssl->client_extensions, ext_out, sizeof(int) * ext_len); + + OPENSSL_free(ext_out); + + return 1; +} +#endif + + ngx_int_t ngx_ssl_handshake(ngx_connection_t *c) { @@ -1229,6 +1283,10 @@ ngx_ssl_clear_error(c->log); +#if OPENSSL_VERSION_NUMBER >= 0x10101000L + SSL_CTX_set_early_cb(c->ssl->session_ctx, ngx_SSL_early_cb_fn, c); +#endif + n = SSL_do_handshake(c->ssl->connection); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); diff -r 2e8de3d81783 src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h Tue Aug 22 17:36:12 2017 +0300 +++ b/src/event/ngx_event_openssl.h Tue Aug 22 20:20:30 2017 +0000 @@ -85,6 +85,11 @@ unsigned no_wait_shutdown:1; unsigned no_send_shutdown:1; unsigned handshake_buffer_set:1; + +#if OPENSSL_VERSION_NUMBER >= 0x10101000L + size_t client_extensions_size; + int *client_extensions; +#endif }; ------------------------------------------ CUT HERE ------------------------------------------ _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
